US20030131264A1 - System and method for password authentication for non-LDAP regions - Google Patents


Publication number
US20030131264A1
Authority
US
United States
Prior art keywords
user
database
ldap
password
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US09/731,571
Other versions
US7099475B2 (en)
Inventor
Barbara Huff
Howard Pfeffer
Michael Gazillo
Jack Cashman
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Time Warner Cable Internet LLC
Original Assignee
Road Runner HoldCo LLC
Road Runner LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to US09/731,571 priority Critical patent/US7099475B2/en
Application filed by Road Runner HoldCo LLC, Road Runner LLC filed Critical Road Runner HoldCo LLC
Publication of US20030131264A1 publication Critical patent/US20030131264A1/en
Assigned to ROAD RUNNER reassignment ROAD RUNNER ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: HUFF, BARBARA
Assigned to ROAD RUNNER reassignment ROAD RUNNER NON-DISCLOSURE AND INTELLECTUAL PROPERTY ASSIGNMENT AGREEMENTS Assignors: CASHMAN, JOHN, GAZILLO, MICHAEL, PFEFFER, HOWARD
Assigned to ROAD RUNNER LLC reassignment ROAD RUNNER LLC CHANGE OF NAME (SEE DOCUMENT FOR DETAILS). Assignors: SERVICECO LLC
Assigned to ROAD RUNNER HOLDCO LLC reassignment ROAD RUNNER HOLDCO LLC CHANGE OF NAME (SEE DOCUMENT FOR DETAILS). Assignors: CABLE HOLDCO LLC
Assigned to SERVICECO LLC reassignment SERVICECO LLC RECORD TO CORRECT THE 2ND CONVEYING PARTY'S AND THE RECEIVING PARTY'S NAME, PREVIOUSLY RECORDED AT REEL 014368, FRAME 0866. Assignors: CASHMAN, JOHN, GAZZILLO, MICHAEL, PFEFFER, HOWARD
Assigned to CABLE HOLDCO LLC reassignment CABLE HOLDCO LLC INSTRUMENT OF TRANSFER AND ASSUMPTION Assignors: ROAD RUNNER LLC
Publication of US7099475B2 publication Critical patent/US7099475B2/en
Application granted granted Critical
Assigned to BANK OF AMERICA, N.A., AS ADMINISTRATIVE AGENT reassignment BANK OF AMERICA, N.A., AS ADMINISTRATIVE AGENT SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BRIGHT HOUSE NETWORKS, LLC, CHARTER COMMUNICATIONS OPERATING, LLC, TIME WARNER CABLE ENTERPRISES LLC
Assigned to THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A. reassignment THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A. SECURITY INTEREST (SEE DOCUMENT FOR DETAILS).
Assigned to WELLS FARGO TRUST COMPANY, N.A. reassignment WELLS FARGO TRUST COMPANY, N.A. SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BRIGHT HOUSE NETWORKS, LLC, CHARTER COMMUNICATIONS OPERATING, LLC, TIME WARNER CABLE ENTERPRISES LLC, TIME WARNER CABLE INTERNET LLC
Assigned to TIME WARNER CABLE INTERNET LLC reassignment TIME WARNER CABLE INTERNET LLC CHANGE OF NAME (SEE DOCUMENT FOR DETAILS). Assignors: ROAD RUNNER HOLDCO LLC
Adjusted expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies

Definitions

  • Customer 12 dials in via the network access server 14, over the local ISP 16 and again over dedicated network 18 to the RADIUS server 22.
  • The RADIUS server then proxies the request for access to a regional RADIUS server 28 which connects to the non-LDAP region server 30 which in turn has a subscriber management system (SMS) or account management system (AMS) database 32.
  • SMS subscriber management system
  • AMS account management system
  • The system determines if the roaming customer 12 is permitted access. If such access is permitted, a message is sent by the non-LDAP region server 30 to the regional RADIUS 28 to the RADIUS server 22. Thereafter the accept or deny signal is sent via the dedicated network 18 via the local ISP 16 over the network access server 14 to the roaming customer 12.

Abstract

A system and method for allowing roaming of a subscriber and password authentication in a non-LDAP region. A user signs onto a network access server which in turn connects to the regional LDAP RADIUS server. Password authentication occurs by hashing a transmitted password and comparing it to a clear text password from an LDAP database that has been hashed in the same manner as the transmitted password. When the subscriber is in a non-LDAP region, the password proceeds through a proxy server to a regional RADIUS server which connects to a non-LDAP server. The non-LDAP server connects to an SMS database and retrieves the clear text password associated with the non-LDAP user, hashes it according to the same method as the transmitted hashed password and formats the password for comparison in the regional RADIUS server. If the hashed passwords compare, the access is permitted.

Description

    FIELD OF THE INVENTION
  • This invention relates generally to connection to the Internet for computers that are not within their original ISP region. More particularly, the present invention is a system and method for a dial-up roaming architecture that allows Internet connections for individuals who are not within their original ISP region. [0001]
  • BACKGROUND OF THE INVENTION
  • Internet connection is typically accomplished by an Internet Service Provider (ISP) signing up an individual who can then sign on to the Internet via connectivity that is provided by the ISP. This typically takes the form of a dial-up modem or other type of Internet connection via the ISP. In the case of a cable internet infrastructure, the connection is via a cable modem. In the case of a digital subscriber line (DSL) internet infrastructure, the connection is via a DSL modem. Thereafter, the user can access the Internet based upon the speed of the connection to the ISP. [0002]
  • A problem occurs when an individual user is no longer present within the region that is covered by the cable or DSL ISP. This occurs when individuals are traveling or “roaming” to an area other than the area where service is provided by the user's ISP. [0003]
  • When using a cellular telephone, this procedure is very commonly encountered by travelers who go from one geographic region to another. Basically, travelers are then assigned to a roaming status and their presence within a particular calling area is noted, with information subsequently provided to the home network, allowing the home network to contact the user who is “roaming.” [0004]
  • To solve this problem, currently many users keep a dial-up ISP such as the Microsoft Network to allow them to have access to the Internet when they are away from home. This avoids some of the issues associated with different formats that support dial-up roaming but does not allow, for example, access to the features of a cable internet connection. [0005]
  • Currently, one such protocol that can be used as a directory service to allow people to locate other people on the Internet is called the Lightweight Directory Access Protocol or LDAP. LDAP is a directory service specification that is generally accepted in the Internet. Such a directory service allows people to locate other people or services. Such a directory service is basically a database that can be searched and manipulated in a number of ways to display information about a network and its resources. One such use is to create and manage user accounts including access by registered users to LDAP enabled networks. [0006]
  • Although LDAP service is widely accepted over the Internet, there are many Internet Service Providers who are not LDAP compatible or enabled. These non-LDAP networks may be affiliated with other networks which are LDAP enabled. In such cases it is difficult to verify that a user is authorized to use a non-LDAP network when the user is trying to access the network via dial-up connection. While LDAP does provide a good solution to support and authenticate users who are roaming, for those ISPs who are not LDAP enabled, to upgrade to a standard LDAP architecture requires expensive architectural changes that many ISPs are not inclined to make. [0007]
  • Many such non-LDAP ISPs use different subscriber management systems (generally referred to herein as SMS) with differently formatted databases. If a user is roaming and is attempting to connect as a subscriber from a non-LDAP region, any subscriber management system in the non-LDAP region would need to be kept in synchronization with an authentication database that exists in a centralized LDAP database. To date, there is no efficient access to data for authentication purposes from a non-LDAP region to an LDAP region. [0008]
  • What is therefore required is a system and method for allowing users to roam outside of their home regions and to log on to their respective ISPs via dial-up networking whether the home region is LDAP enabled or not. [0009]
  • SUMMARY OF THE INVENTION
  • It is therefore an objective of the present invention to allow users to roam freely, yet connect to ISPs at different locations and access their home LDAP enabled authentication region. [0010]
  • It is a further objective of the present invention to allow users to connect to non-LDAP based authentication regions and to allow subsequent authentication to take place in an LDAP region. [0011]
  • It is a further objective of the present invention to enable a cable modem or DSL subscriber whose account is assigned to a non-LDAP authenticated site to be able to roam across the country and have access to such services when they are away from their cable modem, i.e., connecting to an ISP where they are located. [0012]
  • It is a further objective of the present invention to allow access to a cable modem or DSL infrastructure using a telephone modem dial-up connection. [0013]
  • It is yet another objective of the present invention to create a regional remote authentication dial-in user service (RADIUS) so that secure authentication can take place. [0014]
  • It is yet another objective of the present invention to create an authentication mechanism so that secure authentication can take place regardless of the format of information in the subscriber management database. [0015]
  • These and other objectives of the present invention will become apparent to those skilled in the art from a review of the specification that follows. [0016]
  • The present invention allows a user to be away from the user's cable modem connection and use a local dial-roaming telephone number and an analog modem, together with client dial-up software, to dial into a local Dial Access Provider (DAP). The DAP forwards an access request over a Network Access Server (NAS) over a local Internet network. [0017]
  • That request for access proceeds to a corporate RADIUS server which authenticates the request of the user against an LDAP database. If the user is authenticated against the directory of the LDAP database, access to the cable modem services is allowed. [0018]
  • Operating in this mode, the NAS operates as a client of the corporate RADIUS server. The NAS is responsible for passing user information to the corporate RADIUS server and then acting on the response that is returned. [0019]
  • The corporate RADIUS server receives user connection requests, authenticates the user, and provides configuration information to the NAS to deliver service to the user who is dialing in. [0020]
  • Transactions between the corporate RADIUS server and the NAS are authenticated through unique identification and exchange of secret information relating to identity. This information is not sent in the clear over the network. [0021]
  • The NAS creates an access request containing such attributes as the user name and password. The access request is sent to the corporate RADIUS server for authentication. The RADIUS server then determines to which region the user belongs by comparing the user's region, which is, in part, a function of a naming convention such as (username@region.rr.com). This is compared against the region's site type in the configuration file, that is, LDAP or non-LDAP. If the region is an LDAP region, the authentication request is forwarded to the regional LDAP database. The LDAP database then checks its database directory and, if the user is present in the database and the password is correct, returns an “accept” message or a “deny” message if the user is not in the database. [0022]
  • If the region in which the user is located is not an LDAP based region, the corporate RADIUS server will proxy to an appropriate regional RADIUS server. The regional RADIUS, having received the authentication request in the form of a user name and CHAP hashed password, retrieves the user's clear text password from the subscriber management system (SMS) or account management system (AMS) associated with the non-LDAP region. The system then hashes the clear text password from the SMS/AMS database using the Challenge Handshake Authentication Protocol (CHAP) and compares it to the incoming password which is, in the preferred embodiment, also CHAP hashed, and returns an “accept” message if the user is present in the SMS/AMS database or a “deny” message if the user is not present in the database. When the passwords are CHAP hashed as noted above, the presence of the password and comparison to the transmitted password is accomplished by comparing the two hashes. If they exactly match, then the user is present in the database and an “accept” message is transmitted. If the hashes do NOT match, then a “deny” message is sent. It should be noted that the CHAP hashing is not meant as a limitation. Passwords may be sent “in the clear”, although this is not recommended for security reasons, or other hashing algorithms can be used to hash the passwords that are sent and compared. [0023]
  • It is also within the scope of the present invention to perform the hashing of passwords noted above regardless of the type of region (LDAP/non-LDAP) in which the user and the user's access service is located. [0024]
  • Regardless of the site type, user names and passwords are hashed so as not to be sent in clear text, thereby affording an additional element of security. [0025]
  • When a user completes a dial-in session, the user is disconnected. The NAS server then notifies the corporate RADIUS that the dial-in session has terminated. [0026]
  • The system has the advantage of not requiring major upgrades to non-LDAP regions. For example, for an SMS site, no new hardware would be required since a regional RADIUS will be installed on the existing SMS servers. For AMS sites, an upgrade can be accomplished in a cost-effective fashion by using, for example and without limitation, a Compaq Proliant 3000 with 256 megabytes of RAM and mirrored 5 GB disk drives. Such a system would operate using Windows NT 4.0 and other software generally known in the art. [0027]
  • BRIEF DESCRIPTION OF THE FIGURES
  • FIG. 1 is an overall architectural view of the present invention. [0028]
  • DETAILED DESCRIPTION OF THE INVENTION
  • As noted above, the present invention is a system and method for allowing both LDAP and non-LDAP users to freely roam in different regions of the country and connect to all of the cable or DSL network functionality via dial-up connection. [0029]
  • [0030] Users 10 and 12 who are roaming outside of the service region of the cable network provider connect via a dial-up modem connection, or other type of wired or wireless connection, to a network access server 14. Naming conventions for users who are roaming allow user 10, for example, who is serviced via an LDAP region, to access email and other cable network features by virtue of the email address. Regions with LDAP service and regions without LDAP service are differentiated by virtue of their addresses. The network access server 14 connects to the local Internet Service Provider 16 and, via a dedicated communication line 18, which may, for example, be a T1 line. However, this is not meant as a limitation. Any dedicated high-bandwidth line or access, both wired and wireless, would be suitable for the present invention. The local ISP then connects to the corporate RADIUS server 20 for those users who are in a region that is LDAP enabled. The corporate RADIUS server 20 communicates with the LDAP regional server 24 to determine if the user is in the LDAP database 26. If the user is in the LDAP database 26, the regional LDAP server 24 authenticates the user to the corporate RADIUS server 20, which then sends the appropriate accept or deny signal through the communication link 18 over the local ISP 16 through the network access server 14, to the roaming customer 10.
  • [0031] If the customer is in a non-LDAP region, customer 12 dials in via the network access server 14, over the local ISP 16 and again over dedicated network 18 to the RADIUS server 22. The RADIUS server then proxies the request for access to a regional RADIUS server 28, which connects to the non-LDAP region server 30, which in turn has a subscriber management system (SMS) or account management system (AMS) database 32. Through a view into the non-LDAP region server 30, the system determines if the roaming customer 12 is permitted access. If such access is permitted, a message is sent by the non-LDAP region server 30 to the regional RADIUS 28 and then to the RADIUS server 22. Thereafter the accept or deny signal is sent via the dedicated network 18 via the local ISP 16 over the network access server 14 to the roaming customer 12.
  • In this fashion, roaming customers who are in a region which is non-LDAP enabled can still use and access cable or DSL service via a regional RADIUS server, which is a relatively inexpensive upgrade to existing systems. Thus, non-LDAP enabled regions do not have to engage in expensive upgrades in order to allow roaming customers to have access to their systems. [0032]
  • A system and method to allow roaming customers to have access to LDAP or non-LDAP enabled regions has now been illustrated. It will be appreciated by those skilled in the art that other variations of the present invention are possible without departing from the scope of the invention as disclosed. [0033]
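
The region routing and CHAP hash comparison described in paragraphs [0022] to [0025], as an added Python example that is not code from the patent. The region table, the two user stores, the sample accounts and all function names are constructed assumptions; the hash is CHAP with MD5 as defined in RFC 1994, and applying the same check on the LDAP path follows paragraph [0024].

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed stand-in for the corporate RADIUS configuration file:
# region label taken from the user name -> site type.
REGION_SITE_TYPE = {"east": "ldap", "west": "non-ldap"}

# Constructed stand-ins for the regional stores. CHAP verification needs the
# clear-text password on the server side, which is why the regional RADIUS
# reads it from the SMS/AMS database.
LDAP_DIRECTORY = {"bob@east.rr.com": b"bob-secret"}
SMS_AMS_VIEW = {"alice@west.rr.com": b"alice-secret"}


@dataclass
class AccessRequest:
    user_name: str    # e.g. alice@west.rr.com
    chap_id: int      # CHAP identifier octet
    challenge: bytes  # challenge issued by the NAS
    response: bytes   # 16-byte CHAP response from the client


def chap_response(chap_id: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()


def region_of(user_name: str):
    """Extract 'region' from user@region.rr.com; None if the name does not fit."""
    local, sep, domain = user_name.partition("@")
    labels = domain.lower().split(".")
    if not (local and sep) or len(labels) != 3 or labels[1:] != ["rr", "com"]:
        return None
    return labels[0] or None


def verify_chap(store: dict, req: AccessRequest) -> str:
    """Hash the stored clear-text password and compare the two hashes."""
    secret = store.get(req.user_name)
    # Unknown users are hashed against a random dummy secret so that the
    # deny path does the same work as the accept path.
    material = secret if secret is not None else os.urandom(16)
    expected = chap_response(req.chap_id, material, req.challenge)
    ok = hmac.compare_digest(expected, req.response) and secret is not None
    return "accept" if ok else "deny"


def corporate_radius(req: AccessRequest):
    """Return (backend that handled the request, 'accept' or 'deny')."""
    site_type = REGION_SITE_TYPE.get(region_of(req.user_name))
    if site_type == "ldap":
        return "regional-ldap", verify_chap(LDAP_DIRECTORY, req)
    if site_type == "non-ldap":
        return "regional-radius", verify_chap(SMS_AMS_VIEW, req)
    return "none", "deny"  # unknown or malformed region: fail closed


def build_request(user_name: str, password: bytes) -> AccessRequest:
    """Client/NAS side of the demo: answer a fresh random challenge."""
    chap_id, challenge = 1, os.urandom(16)
    response = chap_response(chap_id, password, challenge)
    return AccessRequest(user_name, chap_id, challenge, response)


if __name__ == "__main__":
    for name, pw in [("alice@west.rr.com", b"alice-secret"),
                     ("alice@west.rr.com", b"wrong"),
                     ("bob@east.rr.com", b"bob-secret"),
                     ("carol@north.rr.com", b"x")]:
        print(name, corporate_radius(build_request(name, pw)))
```

Because the response depends on the per-session challenge, a captured response cannot be replayed against a new challenge, but the scheme only works while the SMS/AMS store can return the clear-text password.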

Claims (27)

1. A method for dial roaming for users having a home non-LDAP (Lightweight Directory Access Protocol) region to allow access comprising:
dialing into a local dial access provider;
creating an access request;
forwarding the dial access request to a corporate remote authentication dial-in user service (RADIUS) server;
proxying the request to a regional RADIUS server associated with the user's home region;
accessing the regional user database to determine if the user is present in the regional database;
authenticating the user; and
providing configuration information to the user to allow access to the network.
2. The method for dial roaming of claim 1 wherein the access request is forwarded to an access provider via a network access server (NAS).
3. The method of claim 2 wherein the NAS functions as a client of the corporate RADIUS server.
4. The method of claim 1 further comprising:
the corporate RADIUS server determining if the user is a member of an LDAP or non-LDAP region.
5. The method of claim 4 wherein the determining if the user is a member of an LDAP or non-LDAP region is accomplished by reviewing a configuration file stored in the corporate RADIUS server.
6. The method of claim 1 further comprising forwarding the access request to a regional LDAP database if the home region is LDAP enabled.
7. The method of claim 6 further comprising the regional LDAP database authenticating the user.
8. The method of claim 7 further comprising the regional LDAP database sending an “accept” message if the user is in the regional LDAP database and a “deny” message if the user is not in the regional LDAP database.
9. The method of claim 1 wherein the access request comprises a user name and password.
10. The method of claim 9 wherein the user name comprises a regional naming convention for identifying the home region of the user.
11. The method of claim 9 wherein the user name comprises an email address of the user.
12. The method of claim 9 further comprising comparing the user password to the password stored in the non-LDAP database.
13. The method of claim 12 wherein the password from the database is CHAP hashed, and wherein the password delivered to the database is CHAP hashed, and wherein the password comparison comprises comparing the CHAP hashed password delivered to the database with the CHAP hashed password extracted from the database.
14. The method of claim 12 wherein the database of the non-LDAP regions is a subscriber management system (SMS) database.
15. The method of claim 9 wherein the password is hashed to maintain security.
16. A system for dial roaming for users having a home non-LDAP region to allow access comprising:
a user computer having a home service region for creating a network access request;
a dial up connection over a first network to a network access server (NAS) in a roaming area;
a second network connected to the NAS for receiving the network access request;
a local network service provider connected to the second network;
a third network connected to the network service provider;
a corporate RADIUS server connected to the third network for receiving the access request; and
a regional LDAP server comprising a user database for authenticating the user access request and for allowing access to the regional network.
17. The system of claim 16 further comprising a regional RADIUS server connected to a non-LDAP regional server connected to the second network for receiving the access request.
18. The system of claim 17 wherein the non-LDAP regional server further comprises a user database and access instructions for authenticating the user access request in the non-LDAP server database.
19. The system of claim 18 wherein the database is an SMS database.
20. The system of claim 16 wherein the user access request comprises a user ID and password.
21. The system of claim 20 wherein the NAS further comprises instructions for hashing the user ID and password to enhance security.
22. The system of claim 18 wherein the non-LDAP server further comprises instructions to permit access if the user is in the database and to deny access if the user is not in the database.
23. A system for authenticating users using a standard RADIUS protocol against a non-standard subscriber management system and database comprising:
a RADIUS server, having a RADIUS authentication protocol, connected to a first network for receiving an access request from a user;
a subscriber management server, connected to a second network, comprising a user database for authenticating the user access request over the second network; and
a database view created in memory on the subscriber management server for providing user access information in the correct format for the RADIUS authentication protocol.
24. The system for authenticating users using a standard RADIUS protocol against a non-standard subscriber management system and database of claim 23 wherein the user access request is a username and password.
25. The system for authenticating users using a standard RADIUS protocol against a non-standard subscriber management system and database of claim 24 wherein the username is an email address.
26. The system for authenticating users using a standard RADIUS protocol against a non-standard subscriber management system and database of claim 24 wherein the password from the user database is CHAP hashed to compare to the password presented in the user access request.
27. The system for authenticating users using a standard RADIUS protocol against a non-standard subscriber management system and database of claim 26 wherein the subscriber management server further comprises instructions for sending an “accept” message to the RADIUS server if the user password from the user database matches the user password presented in the user access request, and for sending a “deny” message to the RADIUS server if the user password from the user database does not match the user password presented in the user access request.
US09/731,571 2000-12-07 2000-12-07 System and method for password authentication for non-LDAP regions Expired - Lifetime US7099475B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US09/731,571 US7099475B2 (en) 2000-12-07 2000-12-07 System and method for password authentication for non-LDAP regions

Publications (2)

Publication Number Publication Date
US20030131264A1 (en) 2003-07-10
US7099475B2 (en) 2006-08-29

Family

ID=24940077

Family Applications (1)

Application Number Title Priority Date Filing Date
US09/731,571 Expired - Lifetime US7099475B2 (en) 2000-12-07 2000-12-07 System and method for password authentication for non-LDAP regions

Country Status (1)

Country Link
US (1) US7099475B2 (en)

Also Published As

Publication number Publication date
US7099475B2 (en) 2006-08-29

Legal Events

Date Code Title Description
AS Assignment

Owner name: ROAD RUNNER, VIRGINIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HUFF, BARBARA;REEL/FRAME:014374/0006

Effective date: 20010620

AS Assignment

Owner name: ROAD RUNNER, VIRGINIA

Free format text: NON-DISCLOSURE AND INTELLECTUAL PROPERTY ASSIGNMENT AGREEMENTS;ASSIGNORS:PFEFFER, HOWARD;GAZILLO, MICHAEL;CASHMAN, JOHN;REEL/FRAME:014368/0866

Effective date: 19990812

AS Assignment

Owner name: ROAD RUNNER LLC, VIRGINIA

Free format text: CHANGE OF NAME;ASSIGNOR:SERVICECO LLC;REEL/FRAME:016735/0206

Effective date: 20001004

Owner name: CABLE HOLDCO LLC, VIRGINIA

Free format text: INSTRUMENT OF TRANSFER AND ASSUMPTION;ASSIGNOR:ROAD RUNNER LLC;REEL/FRAME:016735/0208

Effective date: 20010501

Owner name: ROAD RUNNER HOLDCO LLC, VIRGINIA

Free format text: CHANGE OF NAME;ASSIGNOR:CABLE HOLDCO LLC;REEL/FRAME:016735/0204

Effective date: 20010516

Owner name: SERVICECO LLC, VIRGINIA

Free format text: RECORD TO CORRECT THE 2ND CONVEYING PARTY'S AND THE RECEIVING PARTY'S NAME, PREVIOUSLY RECORDED AT REEL 014368, FRAME 0866.;ASSIGNORS:PFEFFER, HOWARD;GAZZILLO, MICHAEL;CASHMAN, JOHN;REEL/FRAME:016738/0062

Effective date: 19990812

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCF Information on status: patent grant

Free format text: PATENTED CASE

FPAY Fee payment

Year of fee payment: 4

FPAY Fee payment

Year of fee payment: 8

AS Assignment

Owner name: BANK OF AMERICA, N.A., AS ADMINISTRATIVE AGENT, NEW YORK

Free format text: SECURITY INTEREST;ASSIGNORS:BRIGHT HOUSE NETWORKS, LLC;CHARTER COMMUNICATIONS OPERATING, LLC;TIME WARNER CABLE ENTERPRISES LLC;REEL/FRAME:038747/0507

Effective date: 20160518

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553)

Year of fee payment: 12

AS Assignment

Owner name: THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., ILLINOIS

Free format text: SECURITY INTEREST;ASSIGNORS:ADCAST NORTH CAROLINA CABLE ADVERTISING, LLC;ALABANZA LLC;AMERICA'S JOB EXCHANGE LLC;AND OTHERS;SIGNING DATES FROM 20160518 TO 20180518;REEL/FRAME:046567/0090

AS Assignment

Owner name: WELLS FARGO TRUST COMPANY, N.A., UTAH

Free format text: SECURITY INTEREST;ASSIGNORS:BRIGHT HOUSE NETWORKS, LLC;CHARTER COMMUNICATIONS OPERATING, LLC;TIME WARNER CABLE ENTERPRISES LLC;AND OTHERS;REEL/FRAME:046630/0193

Effective date: 20180716

AS Assignment

Owner name: TIME WARNER CABLE INTERNET LLC, VIRGINIA

Free format text: CHANGE OF NAME;ASSIGNOR:ROAD RUNNER HOLDCO LLC;REEL/FRAME:048513/0229

Effective date: 20121213